ip: Open letter to Geoff Greiveldinger, DoJ [key escrowed,

[David Farber <farber () central cis upenn edu>]

Date: Fri, 8 Sep 1995 22:11:13 -0700
From: Carl Ellison <cme () clark net>
Subject: Open letter to Geoff Greiveldinger, DoJ [key escrowed, export]


NIST (the National Institute of Standards and Technology) held a two-day
public meeting on 6-7 September, 1995 to discuss Software Key Escrow as a
possible means of achieving export of cryptography.


In the morning of 7 Sept, Goeff Greiveldinger of the Department of Justice
gave a description of the kinds of crimes which DoJ wants to use wiretapping
to solve.  He closed this litany of lawbreaking with the assertion that
software manufacturers don't want to provide products which allow such
lawbreakers to keep their criminal evidence hidden from law enforcement.


I'm sorry to disillusion you, Geoff, but I *do* want to make such systems.


Would you have Ryder stop renting trucks because some terrorist decided to
fill one with explosives and kill many innocent children?  Would you have
Americans stop making automobiles because bank robbers have been known to
use cars for getaways?  Would you have all new buildings constructed with
FBI microphones in every wall because some criminals meet in private rooms
in order to plan crimes?


When an American company sweeps its conference room for bugs, finds some and
destroys them, it doesn't matter whether those bugs were planted by industrial
spies or the FBI.  The company has a right to eliminate them.  When that
company ties two such conference rooms together by video-conference equipment
and encrypts the line between them using strong link encryption, it is
performing the same defensive operation in cyberspace.  It is protecting
itself from spies and it doesn't matter that the wiretaps it frustrates might
be illegal ones by industrial spies or legal ones by the FBI.  The right to
attempt to achieve privacy is a long-standing one in this country and not one
to allow to be lost.


When I design and build systems for privacy for my customers, I am providing
products for law-abiding, honest people.  I am aware of criminals, of
course.  Criminals are the threats against whom I protect my customers.
These criminals are usually not in the government but that doesn't mean that
I believe I should offer my honest customers up for a strip-search in
cyberspace.  The law enforcement agencies of this free country have no right
to expect blanket access to the ciphertext of citizens.  It will take
legislation to get that right and I will do everything in my power to keep
such legislation from passing.  Barring such legislation, I will make sure
that honest American citizens have cryptography with which to attempt to
maintain their privacy, even from the government.  We have the right to
attempt to keep a secret from government agencies and continuous
demonstration of that right is an important part of this free country.


On the other hand, I am sympathetic to law-enforcement officers.  I have
several friends in that business.  I have asked my friends and acquaintances
who do surveillance (2 IRS agents investigating organized crime for tax
evasion; 2 undercover cops in Boston's highest drug neighborhood; 1 DEA
agent in the midwest) if they ever encounter encrypted communications or
files.  They don't.  Neither does anyone in their offices.  Of course, even
if they did it would remain so important to preserve our right to attempt to
keep secrets from the government that their frustration would just have to
be accepted.  The fact that this isn't a real problem makes my decision that
much easier.  I am left with no moral qualms at all.


In summary, criminals are so few that I will not design for them.  I will not
treat my vast majority of honest users as if they were criminals just because
some criminal might someday use my product and frustrate you.


ObRisk: We run the risk of losing our fundamental right to attempt to keep a
secret from the government -- a practice we need to preserve in order to
protect ourselves from criminals in cyberspace.  There are powerful forces in
the US government attempting to cajole us into giving up that right.


[see http://www.clark.net/pub/cme/html/nist-ske.html for more on this subject]